Hi, I am having a problem sending to external email addresses... this is happening via the web mail system - it says invalid email address. Here is the log, below. I recently had a firewall put in front of the server so the IP did not change for MX record, but it is now operating behind NAT.

Here is what I have checked:

My host file appropriately reflects the private IP of the server for the domain.

I did "zmprov mcf zimbraMtaMyNetworks ''" to add in the new ip range (also including the old values).

I checked the outgoing IP to make sure it matched up to the old public IP - as in in / out same IP.

Here is the log (domain name /emails replaced for security).... thanks!

at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1281)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:622)
at javax.mail.Transport.send0(Transport.java:169)
at javax.mail.Transport.send(Transport.java:98)
at com.zimbra.cs.mailbox.MailSender.sendMessage(MailSender.java:428)
at com.zimbra.cs.mailbox.MailSender.sendMimeMessage(MailSender.java:248)

Last edited by uxbod; 03-12-2008 at 05:47 AM.
Reason: changed to solved

In the first line of that log snippet you've posted there is an IP address, is it supposed to be your Zimbra server as I get no response from port 25 at that address. Do you also have a Split DNS set-up? Have you changed all your DNS records to point to the new server IP address?

No - that is the IP address from my ISP that I was accessing the web mail client with.

FYI, it is a RedHat EL 5 server.

Yes, DNS is set up correctly, MX records are in place. This was all working fine before I had the firewall put in place. I could send to any address, was receiving email fine, no issues.

Sorry ...

I'm not 100% sure what you mean by reflection. It's a Checkpoint X16 firewall at the planet data center.

Two things I do know, from the terminal of the mail server itself I can telnet to port 25 of the public IP and the request is answered. Is that what you mean by reflection?

I can also do a wget Current IP Check and it reflects my IP as being the public IP that the mx record is pointed to.

Have a look on the internet about NAT reflection. This is a way for systems that are protected by a firewall to communicate with other systems behind the firewall using their public address. This also pertains to communicating with its own public IP address. So if you are on a 10.10.10.0 internal network and your external is, say, 172.16.13.42 and you try to access it from within the network, the firewall has trouble with the NATing. The way around it is to do NAT reflection. Sorry for being confusing, I don't know if your firewall has to have NAT reflection on or not. You might want to check out the Admin Guide for it. If you can telnet from the machine to its own public IP and it works you may not have a problem with NAT reflection on port 25, but you still need to have a look at port 7025 for LMTP.

Hope it helps.

Pod

Thanks - yeah I can access the public IP from the LAN (private IP) side of the firewall.

Ok! I got this solved w/ a little help from support. The problem was myNetworks was not set w/ the private IP address. I had changed this (or I thought), but when starting the MTA using zmmtactl I noticed:
Wed Mar 12 07:15:18 2008 Executing /opt/zimbra/postfix/sbin/postconf -e mynetworks=''
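
Added example, not part of the thread or of Zimbra's own tooling: a small Python check that reads the mynetworks value out of a zmmtactl "Executing ... postconf -e" line like the one above and tests whether the server's private address is covered. The address 10.10.10.5 and the second log line are constructed for illustration; file and table patterns in mynetworks are reported but not resolved.

```python
import ipaddress
import re
import shlex

# First line is the zmmtactl output quoted in the thread; the second is constructed.
SAMPLE_BROKEN = ("Wed Mar 12 07:15:18 2008 Executing "
                 "/opt/zimbra/postfix/sbin/postconf -e mynetworks=''")
SAMPLE_FIXED = ("Wed Mar 12 07:40:02 2008 Executing "
                "/opt/zimbra/postfix/sbin/postconf -e "
                "mynetworks='127.0.0.0/8 10.10.10.0/24 [::1]/128'")


def mynetworks_from_log(line):
    """Return the mynetworks value handed to postconf -e, or None if absent."""
    for token in shlex.split(line):
        if token.startswith("mynetworks="):
            return token[len("mynetworks="):]
    return None


def parse_mynetworks(value):
    """Split a mynetworks value into (networks, unparsed patterns)."""
    nets, skipped = [], []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        try:
            # Postfix writes IPv6 entries as [addr]/len; drop the brackets.
            cidr = item.replace("[", "").replace("]", "")
            nets.append(ipaddress.ip_network(cidr, strict=False))
        except ValueError:
            skipped.append(item)  # file, type:table or !exclusion patterns
    return nets, skipped


def is_trusted(addr, value):
    """True if addr falls inside one of the parsed mynetworks ranges."""
    ip = ipaddress.ip_address(addr)
    nets, _ = parse_mynetworks(value)
    return any(ip.version == n.version and ip in n for n in nets)


if __name__ == "__main__":
    for line in (SAMPLE_BROKEN, SAMPLE_FIXED):
        value = mynetworks_from_log(line)
        state = "trusted" if is_trusted("10.10.10.5", value) else "NOT trusted"
        print(f"mynetworks={value!r}: 10.10.10.5 is {state}")
```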